In a cryptographic system using symmetric cryptography (also known as "secret-key" cryptography), the involved parties share a common secret (a password, passphrase, or key). Data is encrypted and decrypted using the same key, so any party possessing a given key can both create messages encrypted under that key and decrypt any message encrypted with it. In systems involving many users who each need to set up independent, secure communication channels, symmetric cryptosystems have practical limitations because large numbers of keys must be securely distributed and managed. Security of encrypted information is strongest when a different, random key is used for each piece of information; consequently, a very large number of keys is required to get the most out of symmetric cryptography.
Widely used cryptographic algorithms, such as the Advanced Encryption Standard (AES) and the Data Encryption Standard (DES) in its Triple-DES form, are openly published and publicly available. (Triple-DES has since been deprecated by NIST and should not be chosen for new systems, but the point stands.) These algorithms deliver strong security as long as the attacker cannot determine the key or keys used for encryption, even though the attacker knows the algorithm completely and has the encrypted data available for repeated offline attempts to recover the key(s). This is Kerckhoffs's principle: the secrecy of the system rests in the key, not in the algorithm.
The encryption keys used in symmetric cryptography are typically genuinely random, drawn from a cryptographically secure random source. A genuinely random key gives the attacker no way to determine it other than a "brute-force attack", in which the attacker finds the key by trial and error, trying candidate keys one after another from the space of all possible keys. On average the attacker must try half the key space before succeeding. If the key space is sufficiently large, it is infeasible for an attacker to mount an effective brute-force attack in any reasonable time frame, even using highly advanced computing systems.
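The following added example (not from the original text) makes the brute-force argument concrete. It picks a genuinely random key, then recovers it by exhaustive search over a deliberately tiny key space, and computes the expected number of trials for realistic key sizes. HMAC-SHA256 over a constructed known plaintext stands in for the block cipher only because it is in the Python standard library; the search logic is the same for AES.

```python
import hashlib
import hmac
import secrets

# Constructed example input: the attacker knows this plaintext and holds the
# keyed output for it, so any candidate key can be checked offline.
PLAINTEXT = b"known plaintext block"


def keyed_tag(key: bytes) -> bytes:
    """Keyed transform the attacker can recompute for a candidate key (stand-in for AES)."""
    return hmac.new(key, PLAINTEXT, hashlib.sha256).digest()


def brute_force(target_tag: bytes, key_bits: int) -> tuple[int, int]:
    """Try every candidate key in a key_bits-bit space (key_bits <= 32), in order.

    Returns (recovered_key, number_of_trials); raises if the space is exhausted.
    """
    trials = 0
    for candidate in range(1 << key_bits):
        trials += 1
        if hmac.compare_digest(keyed_tag(candidate.to_bytes(4, "big")), target_tag):
            return candidate, trials
    raise ValueError("key not in search space")


def expected_trials(key_bits: int) -> int:
    """Average trials for a uniformly random key: half the key space, 2^(key_bits-1)."""
    return 1 << (key_bits - 1)


def demo(key_bits: int = 16) -> tuple[int, int, int]:
    """Pick a genuinely random key, then recover it by exhaustive search.

    Returns (real_key, recovered_key, trials_needed).
    """
    real_key = secrets.randbelow(1 << key_bits)
    target = keyed_tag(real_key.to_bytes(4, "big"))
    recovered, trials = brute_force(target, key_bits)
    return real_key, recovered, trials


if __name__ == "__main__":
    real, found, n = demo(16)
    print(f"key={real} recovered={found} after {n} trials (expected ~{expected_trials(16)})")
    for bits in (16, 56, 128, 256):
        print(f"{bits}-bit key: ~2^{bits - 1} = {expected_trials(bits)} trials on average")
```

A 16-bit key falls in a fraction of a second; a 56-bit key (single DES) was practical to search by the late 1990s; a 128-bit key requires on the order of 2^127 trials, far beyond any conceivable computing capacity.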
A primary challenge to the use of cryptography is the management of the encryption keys. In this context, "encryption key management" refers to how strong encryption keys (i.e., random keys of sufficient length) are securely generated, stored, shared and, if and when necessary, recovered.
Key management issues can be very challenging to solve, because solving one of them often creates one or more additional issues or makes another issue harder to solve well.
For example, symmetric encryption keys have traditionally been generated using hardware-based random number generators or software-based pseudo-random number generators (PRNGs), which for key material must be cryptographically secure PRNGs seeded with enough entropy. Once such a generator has produced a genuinely random number to be used as an encryption key, that key must be stored for later retrieval for decryption, because it is impossible to deterministically regenerate the same key in the future from the same generator. Generating genuinely random numbers for strong symmetric keys therefore leads directly to the need to store those keys securely for future retrieval.
Additionally, it is optimal to use a unique, genuinely random symmetric key for each distinct piece of information, rather than using a single key for all pieces of information or re-using a key across multiple pieces of information. If a different key is used for each piece of information, all other pieces of data will remain secure even if one key associated with one piece of information is compromised by some means.
However, when a unique key is used to protect each piece of information, the number of unique keys grows rapidly. Key management must therefore scale so that it does not limit the number of keys that can be generated and used, and storing that many keys securely becomes substantially more difficult.
Secure key storage is further complicated for certain types of computer processes. Services that operate on servers or in dedicated hardware appliances have a challenging requirement to store and access keys in a secure manner. Unlike servers and hardware appliances, endpoint devices such as workstations and mobile devices are directly accessed by users, so stored keys can be protected by a key derived from a user-entered password or other user-supplied secret, which is used to encrypt and decrypt the stored keys. In other words, when a key needs to be accessed, the end user can be prompted for the password, passphrase, or other information from which the key that decrypts the securely stored key or keys is derived.
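The following added example (not part of the original text) implements the endpoint pattern described above, and at the same time shows the per-record keys from the preceding paragraphs: every record gets its own genuinely random data-encryption key (DEK), and each DEK is kept only in wrapped form under a key-encryption key (KEK) that is re-derived from the user's passphrase on every access, so no plaintext key is stored. The wrapping primitive (an HMAC-derived keystream with an HMAC tag, encrypt-then-MAC) is a standard-library stand-in so the example runs without third-party packages; a real deployment would use AES-GCM or AES Key Wrap (RFC 5649) for this step. The scrypt parameters and the `WrappedKeyStore` class are illustrative names and values chosen for this example.

```python
import hashlib
import hmac
import secrets


def derive_kek(passphrase: str, salt: bytes) -> bytes:
    """Derive the key-encryption key from the user's passphrase.

    scrypt is memory-hard, so an attacker who steals the wrapped keys cannot
    cheaply guess passphrases offline. Parameters here are illustrative.
    """
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)


def _keystream(kek: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stand-in for a real cipher keystream."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(kek, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap_key(kek: bytes, dek: bytes) -> bytes:
    """Return nonce || ciphertext || tag. The tag covers the nonce and ciphertext."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(dek, _keystream(kek, nonce, len(dek))))
    tag = hmac.new(kek, b"wrap" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap_key(kek: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong passphrase gives a wrong KEK and fails here."""
    if len(blob) < 16 + 32:
        raise ValueError("key blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(kek, b"wrap" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or corrupted key blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(kek, nonce, len(ct))))


class WrappedKeyStore:
    """One wrapped DEK per record id; at rest it holds only the salt and the wrapped blobs."""

    def __init__(self) -> None:
        self.salt = secrets.token_bytes(16)
        self.blobs: dict[str, bytes] = {}

    def new_record_key(self, passphrase: str, record_id: str) -> bytes:
        """Generate a fresh random DEK for record_id, store it wrapped, return it for use."""
        dek = secrets.token_bytes(32)  # genuinely random, independent of every other DEK
        self.blobs[record_id] = wrap_key(derive_kek(passphrase, self.salt), dek)
        return dek

    def unlock(self, passphrase: str, record_id: str) -> bytes:
        """Re-derive the KEK from the user-entered passphrase and unwrap the stored DEK."""
        return unwrap_key(derive_kek(passphrase, self.salt), self.blobs[record_id])


if __name__ == "__main__":
    store = WrappedKeyStore()
    k1 = store.new_record_key("correct horse battery staple", "invoice-001")
    k2 = store.new_record_key("correct horse battery staple", "invoice-002")
    assert k1 != k2 and store.unlock("correct horse battery staple", "invoice-001") == k1
    try:
        store.unlock("wrong passphrase", "invoice-001")
    except ValueError as exc:
        print("unlock refused:", exc)
```

Because each DEK is drawn independently, learning one record's DEK (for example from process memory while that record is in use) reveals nothing about the others; what the passphrase protects is the wrapped collection, which is exactly the unlock step a server process cannot perform without a human present.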
However, humans cannot easily or effectively enter passwords on servers or hardware appliances for server applications, except possibly when the application first "boots up" and initializes. Once a server application is running, it is not realistic to stop it and wait for a person to enter information to "unlock" a key. Given the speed and capacity of modern servers and appliances serving many users at once, pausing a server application for a human to unlock a key is infeasible. Therefore, the technique described above for protecting keys on end-user devices cannot be used to protect keys on servers. This is a significant issue because servers often hold vast amounts of information that would best be secured using a large number of keys.
Further, sharing a large number of keys is also extremely difficult. If each piece of information is encrypted with a unique key, those keys must be shared with every user and software/hardware process that needs to access the information. Securely sharing one key or a small number of keys among a group of people or processes is already challenging; securely sharing a large number of keys among such a group is untenable. Key sharing therefore has a significant scalability problem.
Clearly, there is a need for a cryptographic system that mitigates these issues by enabling broad-scale use of symmetric cryptography with genuinely random keys while eliminating both the need for users to share keys for encryption/decryption and the need for keys to be stored.